NR-164382: unify provision strategy #541

Workflow file for this run

	name: Continuous Integration

	on:
	push:
	branches: [main]
	pull_request:
	branches: [main]

	concurrency:
	group: ${{ github.workflow }}-${{ github.head_ref \|\| github.run_id }}
	cancel-in-progress: true

	jobs:
	check-distributions:
	name: Validate distributions
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	- name: Check unique distributions names
	run: ./.github/workflows/scripts/check_distro_names.sh
	build:
	name: Validate distributions build, third party libraries and security
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v3
	with:
	fetch-depth: 0

	- name: Setup Go
	uses: actions/setup-go@v3
	with:
	go-version: '~1.20.8'
	check-latest: true

	- name: Verify build
	run: make ci

	- name: Validate distributions third party libraries
	run: make licenses-check

	- name: Run Snyk to check for vulnerabilities
	uses: snyk/actions/golang@master
	env:
	SNYK_TOKEN: ${{ secrets.CAOS_SNYK_TOKEN }}
	with:
	args: --all-projects --severity-threshold=high

	- uses: docker/setup-qemu-action@v2

	- uses: docker/setup-buildx-action@v2

	- name: Build binaries & packages with GoReleaser
	uses: goreleaser/goreleaser-action@v4
	with:
	distribution: goreleaser
	version: latest
	args: --snapshot --clean --skip-sign --timeout 2h
	env:
	GORELEASER_CURRENT_TAG: 0.0.0

	- name: Extract image version
	run: echo "version=$(jq -r '.version' dist/metadata.json)" >> $GITHUB_ENV

	- name: Trivy security check
	uses: aquasecurity/trivy-action@master
	with:
	image-ref: "newrelic/nr-otel-collector:${{ env.version }}-rc-amd64"
	format: 'table'
	exit-code: '1'
	ignore-unfixed: true
	vuln-type: 'os,library'
	severity: "HIGH,CRITICAL"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NR-164382: unify provision strategy #541

Workflow file

NR-164382: unify provision strategy #541

Jobs

Run details

Workflow file for this run